Prepares an SQL statement for execution.
A prepared statement is a pre-compiled SQL query that returns a resource/object. This resource can then be used to execute an SQL statement multiple times and helps reduce some overhead on the server. Prepared statements use parameterized values which are bound after the prepared statement is registered, and are a proven deterrent against SQL injection because the query text is sent once and the values are supplied separately rather than being spliced into the query.
mixed obj_prepare_statement ( str query[, array params ] )
Statement resource/object or false on failure.
<?php
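try
{
    // Prepare once, then bind and execute twice against the same statement.
    // The two '?' placeholders receive their values at execution time, so no
    // value ever becomes part of the SQL text.
    $stmt = $dbh->obj_prepare_statement( "update mytable set dept=? where location=?" );
    // obj_prepare_statement() returns false on failure, so check the driver
    // error state before calling methods on $stmt (the SQLSRV example does the same).
    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );

    // Two binds for two placeholders -- binding appears to be positional,
    // in placeholder order.
    $stmt->obj_bind( 'Sales' );
    $stmt->obj_bind( 'Chicago' );
    $rs = $stmt->obj_execute();
    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );
    echo $rs->obj_affected_rows();

    // obj_free_statement() is called between executions and the statement is
    // bound again afterwards -- presumably it clears the bound values while
    // leaving the prepared statement reusable; confirm against the driver.
    $stmt->obj_free_statement();
    $stmt->obj_bind( 'HR' );
    $stmt->obj_bind( 'New York' );
    $rs = $stmt->obj_execute();
    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );
    echo $rs->obj_affected_rows();

    // Done with the statement entirely.
    $stmt->obj_close_statement();
}
catch ( Exception $e )
{
    // Log $e->getMessage() server-side and/or redirect the user to a generic
    // error page. The message carries the driver's own error text, which can
    // include table and column names, so it should not be echoed to the user.
}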
//SQLSRV driver
try
{
    // SQLSRV variant: the parameter array holds references to $var1 and $var2
    // and is handed to obj_prepare_statement() up front. Presumably the driver
    // reads the referenced variables at execute time -- confirm against the
    // SQLSRV driver implementation.
    $params = array( &$var1, &$var2 );
    $stmt = $dbh->obj_prepare_statement( "update mytable set dept=? where location=?", $params );
    // obj_prepare_statement() returns false on failure; check before using $stmt.
    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );
    // The assignment inside each call sets the referenced variable and passes
    // its value to obj_bind() in one step. Keep this ordering: the variables
    // must be assigned before obj_execute() runs.
    $stmt->obj_bind( $var1="Sales" );
    $stmt->obj_bind( $var2="Chicago" );
    $rs = $stmt->obj_execute();
    if ( $dbh->obj_error() )
        throw new Exception( $dbh->obj_error_message() );
    echo $rs->obj_affected_rows();
    $stmt->obj_close_statement();
}
catch ( Exception $e )
{
    // Log the error server-side and/or redirect the user to a generic error
    // page; the driver's message text can reveal schema details, so do not
    // display it to the user.
}
?>
See also: obj_query